SOLVED SID does not resolve after reinstall

Status
Not open for further replies.

arkoMax

Dabbler
Joined
Jul 13, 2017
Messages
16
I had to reinstall FreeNAS onto a new USB drive as my previous one kept being dismounted every so often (at least I truly hope that it was due to a faulty stick and not a bigger problem with my system).

In any case, saved the config earlier in the day, did a fresh install of FreeNAS onto a new drive, re-imported, and I am back up and running. Everything seems to be in order within the FreeNAS GUI and I have no problems with my shares as previously configured.

However - right clicking any of the shares/files and looking at the Windows security properties, the owner group is properly enumerated but the owner user isn't ... it's showing Account Unknown and the SID. The owner user is the same as what I am logged on as in Windows. The dataset permissions (and my created users/groups) in the FreeNAS GUI all look normal as before.

Any ideas on how I can fix this?
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
What does Windows' permissions manager show?
 

arkoMax

Dabbler
Joined
Jul 13, 2017
Messages
16
What does Windows' permissions manager show?

Hi Eric, please see below

Code:
[root@KNOX ~]# getfacl /mnt/VOL1/media
# file: /mnt/VOL1/media
# owner: myst
# group: admin
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWcCos:fd-----:allow
         everyone@:r-x---a-R-c---:fd-----:allow
[root@KNOX ~]#



[Attachment: Untitled-1.jpg]
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
What versions of FreeNAS are we dealing with here?
 

arkoMax

Dabbler
Joined
Jul 13, 2017
Messages
16
Post output of net getlocalsid along with version of FreeNAS you were running before the upgrade / reinstall.
Code:
[root@KNOX ~]# net getlocalsid																									
Environment LOGNAME is not defined. Trying anonymous access.																		
SID for domain KNOX is: S-1-5-21-2239474815-3528616346-3593154525

FreeNAS version is 11.0-U2, before and after reinstall (this is a new system, few weeks old).
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Code:
[root@KNOX ~]# net getlocalsid																									
Environment LOGNAME is not defined. Trying anonymous access.																		
SID for domain KNOX is: S-1-5-21-2239474815-3528616346-3593154525

FreeNAS version is 11.0-U2, before and after reinstall (this is a new system, few weeks old).

Run the following commands:
net groupmap list
net usersidlist
pdbedit -Lv myst

Post contents of /usr/local/etc/smb4.conf

Perhaps send me a PM with a debug tarball. I'd like to look at this closer since it appears that your local domain's SID changed (which it shouldn't do).
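
To check the hypothesis above that the local domain SID changed, compare the SID that Windows shows as Account Unknown with the current `net getlocalsid` value. The shell script below is an added example, not part of the original post; the function names and the second sample SID are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether an unresolved SID from a Windows ACL belongs
# to the Samba server's current local domain.

# Extract the SID from `net getlocalsid` output read on stdin.
parse_localsid() {
    sed -n 's/^SID for domain .* is: *\(S-[0-9-]*\).*$/\1/p'
}

# Domain part of an account SID (everything before the final RID).
sid_domain() { printf '%s\n' "${1%-*}"; }

# RID (last sub-authority) of an account SID.
sid_rid() { printf '%s\n' "${1##*-}"; }

# classify_sid ACL_SID LOCAL_SID
classify_sid() {
    if printf '%s\n' "$1" | grep -Eq '^S-1-22-[12]-[0-9]+$'; then
        # Samba maps Unix accounts without a passdb entry into
        # S-1-22-1 (users) and S-1-22-2 (groups).
        echo "unix-mapped id=$(sid_rid "$1")"
    elif ! printf '%s\n' "$1" | grep -Eq '^S-1-5-21(-[0-9]+){3}-[0-9]+$'; then
        # Well-known SIDs such as S-1-1-0 (Everyone) carry no domain part.
        echo "other-sid"
    elif [ "$(sid_domain "$1")" = "$2" ]; then
        echo "current-domain rid=$(sid_rid "$1")"
    else
        # Same RID under a different domain SID: the ACL entry predates
        # a change of the server's local SID.
        echo "stale-domain rid=$(sid_rid "$1")"
    fi
}

# Sample run. The local SID is the one posted in the thread; the second
# ACL SID is constructed to show the mismatch case.
LOCAL_SID=$(parse_localsid <<'EOF'
Environment LOGNAME is not defined. Trying anonymous access.
SID for domain KNOX is: S-1-5-21-2239474815-3528616346-3593154525
EOF
)
classify_sid "S-1-5-21-2239474815-3528616346-3593154525-1002" "$LOCAL_SID"
classify_sid "S-1-5-21-1111111111-2222222222-3333333333-1002" "$LOCAL_SID"
```

A `stale-domain` result means the SID stored in the ACL no longer matches the server's local domain, which is the condition Windows displays as Account Unknown.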
 

arkoMax

Dabbler
Joined
Jul 13, 2017
Messages
16
Run the following commands:
net groupmap list
net usersidlist
pdbedit -Lv myst

Post contents of /usr/local/etc/smb4.conf
Code:
[root@KNOX ~]# net getlocalsid																									
Environment LOGNAME is not defined. Trying anonymous access.																		
SID for domain KNOX is: S-1-5-21-2239474815-3528616346-3593154525	
Code:
[root@KNOX ~]# net usersidlist																									
Environment LOGNAME is not defined. Trying anonymous access.																		
KNOX\myst																														 
S-1-5-21-2239474815-3528616346-3593154525-1002																					
S-1-1-0																															
S-1-5-2																															
S-1-5-11

I am completely new to Unix, how do I read the contents of smb4.conf?
I tried just running /usr/local/etc/smb4.conf and get bash: /usr/local/etc/smb4.conf: Permission denied
---------------
Edit: I just noticed in the quote above that there is another command "pdbedit", but it does not appear in your comment above, anodos? Not sure if I should run that or not.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Code:
[root@KNOX ~]# net getlocalsid																									
Environment LOGNAME is not defined. Trying anonymous access.																		
SID for domain KNOX is: S-1-5-21-2239474815-3528616346-3593154525	
Code:
[root@KNOX ~]# net usersidlist																									
Environment LOGNAME is not defined. Trying anonymous access.																		
KNOX\myst																														 
S-1-5-21-2239474815-3528616346-3593154525-1002																					
S-1-1-0																															
S-1-5-2																															
S-1-5-11

I am completely new to unix, how do I read the contents of smb4.conf?
I tried just running /usr/local/etc/smb4.conf and get bash: /usr/local/etc/smb4.conf: Permission denied

An easy way to get it is to type cat /usr/local/etc/smb4.conf and press enter. If you want to be able to scroll around the file with arrow keys and PgUp / PgDn, then type less /usr/local/etc/smb4.conf. When you are done looking at it via less, then press the "q" key.

Please post the output of pdbedit -Lv myst.
 

arkoMax

Dabbler
Joined
Jul 13, 2017
Messages
16
Thanks for explaining, and for your patience. Here it is:

Code:
[global]																															
	server max protocol = SMB2																									  
	encrypt passwords = yes																										 
	dns proxy = no																												  
	strict locking = no																											 
	oplocks = yes																												   
	deadtime = 15																												   
	max log size = 51200																											
	max open files = 941141																										 
	logging = file																												  
	load printers = no																											  
	printing = bsd																												  
	printcap name = /dev/null																									   
	disable spoolss = yes																										   
	getwd cache = yes																											   
	guest account = nobody																										  
	map to guest = Bad User																										 
	obey pam restrictions = yes																									 
	ntlm auth = no																												  
	directory name cache size = 0																								   
	kernel change notify = no																									   
	panic action = /usr/local/libexec/samba/samba-backtrace																		 
	nsupdate command = /usr/local/bin/samba-nsupdate -g																			 
	server string = KNOX SERVER																									 
	ea support = yes																												
	store dos attributes = yes																									  
	lm announce = yes																											   
	unix extensions = no																											
	time server = yes																											   
	acl allow execute always = true																								 
	dos filemode = yes																											  
	multicast dns register = yes																									
	domain logons = no																											  
	local master = yes																											  
	idmap config *: backend = tdb																								   
	idmap config *: range = 90000001-100000000																					  
	server role = standalone																										
	netbios name = KNOX																											 
	workgroup = WORKGROUP																										   
	security = user																												 
	pid directory = /var/run/samba																								  
	create mask = 0666																											  
	directory mask = 0777																										   
	client ntlmv2 auth = yes																										
	dos charset = CP437																											 
	unix charset = UTF-8																											
	log level = 0  

[Archive]																														   
	path = "/mnt/VOL2/archive"																									  
	printable = no																												  
	veto files = /.snapshot/.windows/.mac/.zfs/																					 
	writeable = yes																												 
	browseable = yes																												
	vfs objects = zfs_space zfsacl streams_xattr aio_pthread																		
	hide dot files = no																											 
	guest ok = no																												   
	nfs4:mode = special																											 
	nfs4:acedup = merge																											 
	nfs4:chown = true																											   
	zfsacl:acesort = dontcare																									   

[Media]																															 
	path = "/mnt/VOL1/media"																										
	printable = no																												  
	veto files = /.snapshot/.windows/.mac/.zfs/																					 
	writeable = yes																												 
	browseable = yes																												
	vfs objects = zfs_space zfsacl streams_xattr aio_pthread																		
	hide dot files = yes																											
	guest ok = yes																												  
	nfs4:mode = special																											 
	nfs4:acedup = merge																											 
	nfs4:chown = true																											   
	zfsacl:acesort = dontcare																									   

[Media2]																															
	path = "/mnt/VOL1/media2"																									   
	printable = no																												  
	veto files = /.snapshot/.windows/.mac/.zfs/																					 
	writeable = no																												  
	browseable = yes																												
	vfs objects = zfs_space zfsacl streams_xattr aio_pthread																		
	hide dot files = no																											 
	guest ok = no																												   
	nfs4:mode = special																											 
	nfs4:acedup = merge																											 
	nfs4:chown = true																											   
	zfsacl:acesort = dontcare							


Code:
[root@KNOX ~]# pdbedit -Lv myst
Unix username:        myst
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-2239474815-3528616346-3593154525-1002
Primary Group SID:    S-1-5-21-2239474815-3528616346-3593154525-513
Full Name:            myst
Home Directory:       \\knox\myst
HomeDir Drive:
Logon Script:
Profile Path:         \\knox\myst\profile
Domain:               KNOX
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          9223372036854775807 seconds since the Epoch
Kickoff time:         9223372036854775807 seconds since the Epoch
Password last set:    Sat, 19 Aug 2017 04:16:13 AEST
Password can change:  Sat, 19 Aug 2017 04:16:13 AEST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
 

arkoMax

Dabbler
Joined
Jul 13, 2017
Messages
16
Post output of getfacl /mnt/VOL1/media/Movies.
Code:
[root@KNOX ~]# getfacl /mnt/VOL1/media/Movies
# file: /mnt/VOL1/media/Movies
# owner: myst
# group: admin
            owner@:rwxpDdaARWcCos:fd----I:allow
            group@:rwxpDdaARWcCos:fd----I:allow
         everyone@:r-x---a-R-c---:fd----I:allow
 

arkoMax

Dabbler
Joined
Jul 13, 2017
Messages
16
Perhaps send me a PM with a debug tarball. I'd like to look at this closer since it appears that your local domain's SID changed (which it shouldn't do).
Just noticed this - no problem, but please let me know how exactly to do this..
----------
Edit: Never mind, figured it out from the manual, sent you the debug log.
 

arkoMax

Dabbler
Joined
Jul 13, 2017
Messages
16
Just an update for closure - the owner group is now enumerating properly. I didn't do anything myself, just randomly checked today and saw that it's working. Can't explain as to why.
 